feat(policies): add gate support for policy groups

## Summary

Currently, when attaching policies to contracts, individual policies support a `gate: true` option that causes the attestation process to fail if the policy is violated. However, this option is not available when attaching a policy group.

## Proposed Behavior

Allow setting `gate: true` on a policy group attachment in a contract. When set, all underlying policies within the group inherit the gating behavior — meaning any policy violation within the group will cause the attestation to fail.

## Example Contract

```yaml
apiVersion: chainloop.dev/v1
kind: Contract
metadata:
  name: example-contract
spec:
  policyGroups:
    - ref: file://groups/sbom-quality-group.yaml
      gate: true   # all policies in the group become gated
      with:
        bannedComponents: log4j@2.14.1
        bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
```

## References

- [Fine-grained per-policy control gates](https://docs.chainloop.dev/concepts/control-gates#fine-grained-per-policy)
- [Policy Groups](https://docs.chainloop.dev/concepts/policy-groups#policy-groups)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(policies): add gate support for policy groups #2773

Summary

Proposed Behavior

Example Contract

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

feat(policies): add gate support for policy groups #2773

Description

Summary

Proposed Behavior

Example Contract

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions